What is PCI DSS Credit Card Compliance All About?

Breaking it down, I will try to provide a brief explanation of what all this talk concerning credit card compliance is about, what it means to direct marketing companies now and in the future, and, most importantly, how you can tell who is and who isn’t compliant.

First, the acronym PCI DSS stands for Payment Card Industry Data Security Standard. The standards are set and endorsed by Visa, American Express, Discover Financial Services, JCB and MasterCard Worldwide. In other words, ALL OF THE MAJOR CREDIT CARD COMPANIES.

The simple goal is to safeguard consumer credit card information and personal data by developing rigorous security standards for all LEVEL 1 processing companies. What is the definition of a LEVEL 1 processing company? Boiled down, it is any company that handles and stores your credit card data. So, your fulfillment company, your telemarketing company and any database company that falls within that definition need to be certified. The company needs to be LEVEL 1 certified, 3rd Party assessed. Being self-assessed does not make a company compliant. Go to the Visa website, www.visa.com/cisp, to see if your vendors are compliant.

It is your obligation to ensure your vendors are LEVEL 1 compliant, certified and on the list. If not, you’re exposing your company to BIG $$$ FINES. Any breach by any of your non-compliant vendors will cost you, and in the future, all non-compliant companies will be levied hefty fines. Call your merchant processor and check your merchant agreement for details. All compliant companies must be validated by Trustwave Trusted Commerce or a PCI-approved auditing firm. Once validated, they will prominently display the validation seal on their website and other media.

George Fanolis is vice president of business development for Fosdick Fulfillment.

9 Responses to “What is PCI DSS Credit Card Compliance All About?”

  1. ClixBanker says:

    I appreciate the resource material. Very nicely done.

  2. carluew says:

    I found something called a CPN number that will
    give you a new credit profile within 30 days.
    The website is

    http://www.creditmenow.info

  3. Guy B says:

    I am furious about this law, and it is obvious to me that this law is the direct result of credit card companies lobbying Congress to not only pass along the costs of their security responsibilities onto small business owners but to also increase their revenue and profits by forcing business to “comply.” This is a gross example of how Congress directly works for big business and how small businesses always end up eating the costs.

    Additionally, PCI DSS is also an obvious scam that in no way creates any real new security. This kind of security system has already been in place for several years and was created during the onset of internal company fraud that directly resulted from their company’s negligence. The resulting consumer anger from credit card companies’ negligence finally forced them to take some basic security measures, and now they’ve successfully renamed and re-framed these security measurements into a misinformation publicity campaign that turned the whole mess into a profit-making scam rather than just basic corporate responsibility.

    Please do not allow credit card companies to get away with this! Hold them responsible and not small business owners!
    Write the Small Business Administration at answerdesk@sba.gov . Copy and paste this letter and sign it!

  4. Rohit A says:

    Thank you for your help!

  5. I use SOLUPAY for my internet sales processing. Their website is http://www.solupay.com/default.asp. Are they Level 1 compliant?

    Thanks

    Jonas

  6. Daniel Craig says:

    Hello, I was looking around for a while searching for pci data security standard and I happened upon this site and your post regarding What is PCI DSS Credit Card Compliance All About? I will definitely add this to my pci data security standard bookmarks!

  7. The resulting consumer anger from credit card companies’ negligence finally forced them to take some basic security measures, and now they’ve successfully renamed and re-framed these security measurements into a misinformation publicity campaign that turned the whole mess into a profit-making scam rather than just basic corporate responsibility.